
Understanding Internet infrastructure and securing enterprise networks


2007


Abstract (summary)

The success of the Internet has brought extraordinary benefits to our society. The current Internet infrastructure has become much more complicated than it was in the early 90's, when it was first deployed for commercial use. Due to limitations in the initial design of the Internet, security issues are not well addressed. Thus, the Internet has been confronted with many security problems such as worm attacks and Internet infrastructure vulnerabilities. To address these problems, this dissertation focuses on developing various strategies for securing enterprise networks and Internet infrastructure.

The Internet consists of thousands of distinct regions of administrative domains, each of which possesses a set of Autonomous Systems (ASes). With the rapid growth of the Internet in both scale and complexity, understanding its infrastructure is critical to ensuring the reliable and efficient operation of the Internet. This has led to the first part of our work.

The connectivity of the Internet does not imply reachability from one network to another. Routing policies among Internet Service Providers (ISPs), which are determined by the commercial relationships among them, play an important role. Although such information is desirable for Internet-related research, not all ISPs are willing to publish it. It becomes necessary to infer AS relationships from other public resources to understand network reachability. The first part of our work evaluates existing algorithms for inferring AS relationships and proposes an improved algorithm that achieves better accuracy in the inference results.

Maintaining network reachability is far from enough for enterprise networks, since malicious attacks may deplete network resources and degrade network performance. The second part of our work is to develop strategies for securing enterprise networks against worm attacks. We propose an algorithm for worm detection and quarantine using sequential hypothesis testing. Both analytical and experimental results show that our algorithm can protect enterprise networks effectively from generic worm attacks.

In addition to worm attacks, there are malicious attacks exploiting vulnerabilities in the Internet infrastructure, which may result in more severe damage by impacting networks on a large scale. We address two security issues along this line. One issue is persistent forwarding loops, which may be exploited to launch flooding attacks. The other is design flaws in router architecture, which may be exploited to impact the functionality of routers and routing protocols.

Regarding the vulnerability of persistent forwarding loops, we perform an extensive measurement in the Internet to understand its scope, i.e., the number of network addresses that have experienced persistent forwarding loops and the number of addresses that will be impacted indirectly by the loops. We also characterize the properties of persistent forwarding loops in terms of length and location. Emphasizing their potential damage, we also investigate the possible causes of persistent forwarding loops.

Regarding the design flaws in router architecture, we analyze the impact of control path congestion on the behavior of the Border Gateway Protocol (BGP). Our results show that attacks exploiting this vulnerability can reset BGP sessions within 10 minutes, which may lead to global routing instability in the Internet. In addition, we discuss feasible solutions to mitigate such problems and provide suggestions for securing the Internet infrastructure in practice.

The major contributions of this dissertation include the analysis of potential vulnerabilities in the Internet infrastructure and the development of worm detection and quarantine algorithms to secure enterprise networks. We assess the Internet infrastructure vulnerability through both analytical and experimental studies, and highlight that misconfigurations and design flaws in routers may cause serious security problems in the Internet.

Indexing (details)


Subject: Electrical engineering
Classification: 0544: Electrical engineering
Identifier / keyword: Applied sciences; Autonomous systems; Computer security; Enterprise networks; Internet; Worm detection
Title: Understanding Internet infrastructure and securing enterprise networks
Author: Xia, Jianhong
Number of pages: 150
Publication year: 2007
Degree date: 2007
School code: 0118
Source: DAI-B 68/02, Dissertation Abstracts International
Place of publication: Ann Arbor
Country of publication: United States
Advisor: Gao, Lixin
University/institution: University of Massachusetts Amherst
University location: United States -- Massachusetts
Degree: Ph.D.
Source type: Dissertations & Theses
Language: English
Document type: Dissertation/Thesis
Dissertation/thesis number: 3254943
ProQuest document ID: 304848564
Copyright: Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.
Document URL: http://search.proquest.com/docview/304848564